我正在为我的网页做一个登录系统,当我输入正确的登录ID和密码时,页面刷新回到登录页面。我所做的所有事情都正确无误,但会话使事情变得一团糟,我不知道错误在哪里。
index.php
session_start();
if(!isset($_SESSION['loggedin'])){
header("location:login.php");
}
server.php
if(isset($_POST['login'])){
$username = mysqli_real_escape_string($db,$_POST['Username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
if (empty($username)){
array_push($errors, "Username is required");
}
if (empty($password)){
array_push($errors, "Password is required");
}
if(count($errors) == 0){
$password = md5($password);
$query = "SELECT * FROM register where username='$username' AND password = '$password'";
$result = mysqli_query($db, $query);
if(mysqli_num_rows($result) == 1){//user found
$logged_in_user = mysqli_fetch_assoc($result);
if ($logged_in_user['type'] == 'admin') {
$_SESSION['loggedin'] = true;
$_SESSION['Username'] = $username;
$_SESSION['id'] = $id;
header('location: admin.php');
}
else{
$_SESSION['loggedin'] = true;
$_SESSION['Username'] = $username;
header('location: index.php');
}
}
}
}
答案 0 :(得分:1)
两个页面的代码顶部都应带有session_start()
例如 index.php
<?php
session_start();
server.php
<?php
session_start();
以此类推
另一件事是题外话。首选使用PDO代替mysqli_进行数据库访问